
RE: NATing a range of IPs



There is a range match module in patch-o-matic at
http://www.netfilter.org/documentation/pomlist/pom-base.html#iprange
To use it you need to patch the kernel source, then compile the module
and iptables library and install them.

As Frederik suggested, in most cases converting your ranges to prefix
lengths or netmasks is easier than patching the kernel :)

Best regards,
Boyan Krosnov, CCIE#8701
http://boyan.ludost.net/
just another techie speaking for himself

> -----Original Message-----
> From: Frederik Rousseau [mailto:fred@cmelectronics.be] 
> Sent: Thursday, August 07, 2003 10:22 AM
> To: Matthew Kopishke; debian-firewall@lists.debian.org
> Subject: Re: NATing a range of IPs
> 
> 
> > Is it possible to NAT a range of IPs?  Like for example:
> >
> > iptables -t nat -A PREROUTING -p tcp -s <range of IPs> --dport 80 -j REDIRECT --to-port 13001
> >
> > As you can see what I would like to do is redirect port 80 from the
> > range of IPs (in this case 65.18.71.1 - 65.18.71.240) to port 13001.
> > It works great if I try one IP, or the whole block, I'm just unsure of
> > how you represent a range?  I see references to an IP range in the man
> > pages, but no examples.
> 
> iptables is using a netmask to define an IP range.
> Examples:
> 
> 1) iptables -t nat -A PREROUTING -p tcp -s 10.20.1.0/24 --dport 80 -j REDIRECT --to-port 13001
> 
> gives you all the IPs from 10.20.1.1 to 10.20.1.254
> 
> 2) iptables -t nat -A PREROUTING -p tcp -s 10.103.1.128/25 --dport 80 -j REDIRECT --to-port 13001
> 
> gives you all the IPs from 10.103.1.129 to 10.103.1.254
> 
> 
> On http://jodies.de/ipcalc you find a nice tool to define the netmasks
> for the right IP ranges.
> 
> Regards,
> Fred
> 
> 
> 
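
The range-to-prefix conversion suggested in this thread, worked through for the range from the original question (65.18.71.1 - 65.18.71.240). This is an added example, not part of the original messages; the function names are hypothetical and it assumes a POSIX shell with 64-bit arithmetic. It splits the inclusive range into the smallest set of CIDR prefixes and prints one REDIRECT rule per prefix, so no kernel patch is needed.

```shell
#!/bin/sh
# Added example (hypothetical helper names): split an inclusive IPv4 range
# into the minimal list of CIDR prefixes and print one iptables rule each.

# Dotted quad -> integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# range_to_cidrs FIRST LAST: print the prefixes covering exactly FIRST..LAST.
range_to_cidrs() {
    start=$(ip_to_int "$1")
    end=$(ip_to_int "$2")
    while [ "$start" -le "$end" ]; do
        bits=0   # number of host bits in the current block
        # Grow the block while it stays aligned on its own size
        # and does not run past the end of the range.
        while [ "$bits" -lt 32 ] &&
              [ $(( start % (1 << (bits + 1)) )) -eq 0 ] &&
              [ $(( start + (1 << (bits + 1)) - 1 )) -le "$end" ]; do
            bits=$(( bits + 1 ))
        done
        echo "$(int_to_ip "$start")/$(( 32 - bits ))"
        start=$(( start + (1 << bits) ))
    done
}

# One PREROUTING rule per prefix, using the ports from the question.
redirect_rules() {
    range_to_cidrs "$1" "$2" | while read -r cidr; do
        echo "iptables -t nat -A PREROUTING -p tcp -s $cidr --dport 80 -j REDIRECT --to-port 13001"
    done
}

# The range from the question: 11 prefixes, from 65.18.71.1/32 to 65.18.71.240/32.
redirect_rules 65.18.71.1 65.18.71.240
```

Review the printed rules before piping them into a shell; a range that starts and ends on prefix boundaries collapses to a single rule.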


